Cloud computing typically requires robust security, prompting advancements in trusted computing technologies. Trusted Platform Module (TPM) technologies may be implemented to facilitate computing security in computer hardware. For example, a TPM may be implemented in integrated circuits that may be integrated into a computer motherboard.
Typically, a TPM authenticates and protects a host computer by, e.g., storing information specific to the host computer. Such information may include encryption keys, digital certificates and passwords. Accordingly, a TPM may facilitate secure boot sequences, ensure the integrity of the software stack in the computer system, remotely attest the state of a computer system, and securely seal or unseal cryptographic keys and confidential data in the computer system.
In a virtual computing environment, a software program, e.g., a virtual machine manager (VMM), may monitor and manage operations of one or more virtual machines running on the computer system. A virtual machine may simulate a computer system, but the virtual machine does not have to be on the same computer system as the computer system that it is simulating. A VMM may isolate workloads and mediate or regulate access to physical resources of the simulated computer system among multiple virtual machines.
A software program, e.g., a virtual TPM (vTPM), may be used to virtualize the TPM capabilities and make them available to all virtual machines running on top of a VMM in the computer system. Multiple vTPM instances may be created, each fully simulating a TPM implemented in hardware. Typically, a computer system has only a single hardware TPM; through the use of a vTPM, each virtual machine needing TPM capabilities may operate with the confidence that it has its own private TPM. Secure operation of a vTPM requires a secure association between a virtual machine and the corresponding vTPM.
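The following is an added illustration, not code from the original text or from any TPM implementation: a small software model of the TPM behaviours described above (PCR extension, sealing data to PCR state, quoting PCR state) and of a VMM-side table that hands each virtual machine its own private vTPM instance. The class and function names, the boot measurements and the use of HMAC in place of the TPM's asymmetric signature and real sealing cipher are all assumptions made for the example; they show the control flow, not a production design.

```python
import hashlib
import hmac
import os

DIGEST_LEN = 32


def pcr_extend_value(old, measurement):
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement)).
    Extension is one-way and order-dependent, which is what lets a PCR
    summarise an entire boot sequence."""
    return hashlib.sha256(old + hashlib.sha256(measurement).digest()).digest()


def _keystream(key, nonce, length):
    """Counter-mode keystream from SHA-256 (toy construction for the example)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class ToyTPM:
    """Minimal software model of TPM PCRs, sealing and quoting (hypothetical)."""

    def __init__(self, num_pcrs=8):
        self.pcrs = [b"\x00" * DIGEST_LEN for _ in range(num_pcrs)]
        # Per-instance secrets; a hardware TPM keeps these inside the chip.
        self.storage_key = os.urandom(32)      # stands in for the storage root key
        self.attestation_key = os.urandom(32)  # stands in for the attestation key

    def pcr_extend(self, index, measurement):
        self.pcrs[index] = pcr_extend_value(self.pcrs[index], measurement)

    def _policy_digest(self, pcr_indices):
        h = hashlib.sha256()
        for i in pcr_indices:
            h.update(self.pcrs[i])
        return h.digest()

    def seal(self, secret, pcr_indices):
        """Bind a secret to the current values of the selected PCRs."""
        key = hmac.new(self.storage_key, self._policy_digest(pcr_indices), hashlib.sha256).digest()
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return {"pcrs": tuple(pcr_indices), "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Succeeds only if the selected PCRs still hold the values present at seal time."""
        key = hmac.new(self.storage_key, self._policy_digest(blob["pcrs"]), hashlib.sha256).digest()
        expected = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("PCR policy not satisfied")
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))

    def quote(self, nonce):
        """Attest current PCR values; HMAC stands in for the TPM's signature."""
        report = nonce + b"".join(self.pcrs)
        return report, hmac.new(self.attestation_key, report, hashlib.sha256).digest()

    def verify_quote(self, nonce, report, sig):
        """Verifier side (holds the attestation key in this toy; a real verifier holds a public key)."""
        expected = hmac.new(self.attestation_key, report, hashlib.sha256).digest()
        return report.startswith(nonce) and hmac.compare_digest(sig, expected)


class VTPMManager:
    """VMM-side table associating each VM identifier with its own private vTPM instance."""

    def __init__(self):
        self._instances = {}

    def vtpm_for(self, vm_id):
        if vm_id not in self._instances:
            self._instances[vm_id] = ToyTPM()
        return self._instances[vm_id]


def demo():
    """Exercise the model with constructed boot measurements for two guests."""
    mgr = VTPMManager()
    vm_a, vm_b = mgr.vtpm_for("vm-a"), mgr.vtpm_for("vm-b")
    for component in (b"bootloader v1", b"kernel 6.1", b"initrd"):   # constructed measurements
        vm_a.pcr_extend(0, component)
    vm_b.pcr_extend(0, b"bootloader v1")
    blob = vm_a.seal(b"disk-encryption-key", [0])
    unsealed_ok = vm_a.unseal(blob) == b"disk-encryption-key"
    # The same blob presented to another VM's vTPM: different keys and PCRs, so it is refused.
    try:
        vm_b.unseal(blob)
        cross_vm_denied = False
    except PermissionError:
        cross_vm_denied = True
    nonce = os.urandom(16)
    report, sig = vm_a.quote(nonce)
    quote_ok = vm_a.verify_quote(nonce, report, sig)
    # Loading an extra component after sealing changes PCR 0, so unseal must now fail.
    vm_a.pcr_extend(0, b"unexpected-module")
    try:
        vm_a.unseal(blob)
        post_change_denied = False
    except PermissionError:
        post_change_denied = True
    return unsealed_ok, cross_vm_denied, quote_ok, post_change_denied, vm_a.pcrs[0] != vm_b.pcrs[0]


if __name__ == "__main__":
    print(demo())
```

The two refusals in `demo()` are the point of the model: a sealed secret is released only to the vTPM instance and PCR state it was sealed under, which is why the association between a virtual machine and its vTPM must itself be protected.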